On Sun, May 15, 2011 at 20:11:04 +0200, Thomas Richter wrote:
> I finally found the bug. It persists in 2.15.0. A patch for the bug
> is included.
>
Thanks for your investigation.
> The bug is in uxa/uxa-accel.c, in the function uxa_fill_spans(). The
> problem is that the clipping performed in lines 180ff does not
> include a check for y2 of the clipped region. The fixed code reads
> as follows:
>
> pbox = REGION_RECTS(pClip);
> while (nbox--) {
> if (pbox->y1 > fullY1)
> break;
> if (pbox->y1 <= fullY1 && pbox->y2 > fullY1 /*<--bug here */ ) {
> partX1 = pbox->x1;
> if (partX1 < fullX1)
> partX1 = fullX1;
>
> partX2 = pbox->x2;
> if (partX2 > fullX2)
> partX2 = fullX2;
>
> if (partX2 > partX1) {
> uxa_screen->info->composite(dst_pixmap,
> 0, 0, 0, 0,
> partX1 + off_x,
> fullY1 + off_y,
> partX2 - partX1, 1);
> }
> }
> pbox++;
> }
>
> The bug is the missing check of "fullY1" against the lower bottom of
> the clipping rectangle, pbox->y2.
>
Asked upstream, one question for you:
21:16 < ickle> pbox->y2 < pbox->y1 is an invalid rect
21:18 < ickle> the previous line should be pbox->y1 >= fullY1 break
21:18 < ickle> can you ask if it appears to be just an off-by-one?
ie what are the values of pbox->y1 and pbox->y2?
Cheers,
Julien
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
